What ports does BitTorrent use? Will it work with a firewall/NAT?
The quick summary: You need to forward your ports if you have NAT in order to get the fastest speeds. This is probably the most common thing that people fail to do when using BitTorrent. Read on for more details of what all this entails, and if it's something that you need to do.
Prior to version 3.2, BitTorrent by default uses ports in the range of 6881-6889. As of 3.2 and later, the range has been extended to 6881-6999. (These are all TCP ports, BitTorrent does not use UDP.) The client starts with the lowest port in the range and sequentially tries higher ports until it can find one to which it can bind. This means that the first client you open will bind to 6881, the next to 6882, etc. Therefore, you only really need to open as many ports as simultaneous BitTorrent clients you would ever have open. For most people it's sufficient to open 6881-6999.
The port range that BitTorrent uses is configurable, see the section on command line parameters, specifically the --minport and --maxport parameters.
The trackers to which BitTorrent must connect usually are on port 6969, so the client must have outbound access on this port. Some trackers are on other ports, however.
BitTorrent will usually work fine in a NAT (network address translation) environment, since it can function with only outbound connections. Such environments generally include all situations where multiple computers share one publicly-visible IP address, most commonly: computers on a home network sharing a cable or xDSL connection. If you are unsure of whether you have NAT or not, then try this link which will try to determine if you are behind a NAT gateway.
However, you will get better speeds if you can accept incoming connections as well. To do this you must use the "port forwarding" feature of whatever is performing the NAT/gateway task. For example, if you have a cable or DSL connection and a router/switch/gateway/firewall, you will need to go into the configuration of this device and forward ports 6881-6999 to the local machine that will be using BitTorrent. If your device makes it hard to enter a range of ports (if you must enter each one separately), then you can just do the first 10 or so ports, or however many simultaneous clients you plan to ever have open. If more than one person behind such a gateway wishes to use BitTorrent, then each machine should use a different port range, and the gateway should be configured to forward each port range to the corresponding local machine.
If you have one of these broadband router/NAT devices (such as the Linksys BEFSR41, D-Link DI-701/704, Netgear RT311, SMC Barricade, 3Com Home Ethernet Gateway, etc.) you will usually need to enter the web configuration of the device. If you're not sure, try http://192.168.1.1 or sometimes http://192.168.0.1. If you can't figure it out, try the manual for the device -- they are often on the manufacturer's web site in PDF form. You can also try the forums at places like Broadband Reports or Practically Networked. To see an example of what you're looking for, this is a link to the Linksys BEFSR41 manual. Look at page 55, under the section "Port Range Forwarding."
If you are using Microsoft's ICS (Internet Connection Sharing), this article on mapping ports might be useful.
If you are using a software firewall, then you must also enable incoming connections to be answered by the BitTorrent client program. Note that Windows XP includes a primitive firewall ("Internet Connection Firewall" or ICF) which you may have to configure for BitTorrent. Here are the directions for opening ports in the Windows XP firewall:
Open the 'Network Connections' folder (click Start, then Control Panel, then Network and Internet Connections, then Network Connections.)
Click the shared connection or the Internet connection that is protected by Internet Connection Firewall, and then, under Tasks, click Change settings of this connection.
On the Advanced tab, click Settings.
For each port you wish to forward, (i.e. 6881, 6882, ... 6999) do the following:
On the Services tab, click Add and enter all of the following information:
In Description of service, type an easily recognized name for the service, such as "BitTorrent".
In Name or IP address of the computer hosting this service on your network, enter 127.0.0.1 (this means "the local machine.")
In both External and Internal port number for this service, enter the port number, e.g. 6881.
Select TCP, then OK.
See this link or this link for more information about the XP firewall.
If you are running another type of software firewall (such as Zone Alarm Pro, Norton Firewall, McAfee Firewall, BlackICE Defender, etc.), you may have to do something similar to allow inbound access on ports 688x to the BitTorrent client (usually btdownloadgui.exe.)
For example, in Zone Alarm Pro, in the Program Listings, click on the program's name (btdownloadgui.exe) and then click the Options button and then enter the ports to use. If you're having trouble connecting, you might try giving BitTorrent access to all ports.
To open ports in the Mac OS X firewall, do the following:
Open System Preferences.
Select the Firewall tab.
Click the New... button.
Click the popup menu in the dialog that appears, and choose Other....
In the Port Number, Range, or Series field, enter 6881-6999.
In the Name field, enter BitTorrent (or any other identifying string.)